Assessment Information
CoreTrustSeal Requirements 2017–2019
Repository: e-Depot of the National Archives of the Netherlands Website: www.nationaalarchief.nl Certification Date: 27 July 2019
This repository is owned by: Nationaal Archief
CoreTrustSeal Board W www.coretrustseal.org E [email protected] e-Depot of the National Archives of the Netherlands
Notes Before Completing the Application
We have read and understood the notes concerning our application submission.
True
Reviewer Entry Reviewer 1 Comments: Reviewer 2 Comments:
CORE TRUSTWORTHY DATA REPOSITORIES REQUIREMENTS
Background & General Guidance
Glossary of Terms
BACKGROUND INFORMATION
Context
R0. Please provide context for your repository.
Repository Type. Select all relevant types from: National repository system; including governmental
Reviewer Entry Reviewer 1 Comments: Accept Reviewer 2 Comments: Accept
Comments
This is the application for CoreTrustSeal certification of the e-depot of the Nationaal Archief (National Archives of the Netherlands, NANETH). We define our e-depot as: “The consistent unity of equipment, software, procedures, methods, knowledge and skills that ensure sustainable intake, management, preservation and provision of digital objects and metadata.” (NANETH Preservation Policy [CoreTrustSeal])*
This e-depot with born-digital and digitised information from government bodies, digitised archives from NANETH and digital private archives is within scope for certification. All digital information transferred to NANETH is made publicly available, unless there are access restrictions (e.g. due to privacy issues). Only in the case of outsourced records management (see Requirement 0, Other Relevant Information) digital information is preserved specifically for and accessible only by the outsourcing organisation.
From a technical infrastructural point of view, the e-depot is a combination of our repository system, our collection management system and our public access portal. The design of the e-depot is described in the enterprise architecture Model Architectuur voor Rijks Archiefinstellingen (Model Architecture for Governmental Archives, MARA [CoreTrustSeal]).
The formal status of NANETH is enshrined in the Archiefwet 1995 (1995 Public Records Act, [CoreTrustSeal]) . Article 25 states that the Minister of Education, Culture and Science is responsible for the existence of a national repository and the appointment of a National Archivist as the head of this organisation. Article 12 designates NANETH as the national repository for archives transferred from national government bodies after 20 years. That is, those bodies which have or had functions encompassing the Dutch nation as a whole. NANETH has 137 stretched kilometres of documents, over 15 million pictures, 300,000 maps and over 800 Tb of records.
The tasks performed by NANETH are further regulated in the Statuut agentschap Nationaal Archief (NANETH’s statutes [CoreTrustSeal]). These define, among others, that the organisation will function as an knowledge centre for digitization, preservation and management of records as the documented manifestations of cultural heritage. More information about NANETH as an organisation is available on our website. See https://www.nationaalarchief.nl/over-het-na/organisatie/missie-en-meerjarenvisie for our mission statement and multi-year vision (in Dutch), https://www.nationaalarchief.nl/over-het-na/organisatie/directie-en-afdelingen for information on NANETH's directors, departments, our organisation and a link to our mandate decision document (in Dutch).
* Publicly available translated supporting documentation has been published on NANETH's website: https://www.nationaalarchief.nl/en/archive/knowledge-base/coretrustseal. If you see "DocumentName [CoreTrustSeal]" in this text, then [CoreTrustSeal] refers to this web page, and DocumetName to the named section on that page where the specific document and accompanying context information can be found. Supporting documentation that we could not make publicly available has been shared with CoreTrustSeal in confidence.
Reviewer Entry Reviewer 1 Comments: Accept Reviewer 2 Comments: Accept
Brief Description of the Repository’s Designated Community.
As a national archive, NANETH has many user communities. Some are, as per ISO 14721 OAIS terminology, Providers of digital information. Others are Consumers. Some are both. We have two Designated Communities: national government body record creators (who are both Providers and Consumers) and the public (who are Consumers).
The national government body record creators or legal caretakers ('zorgdragers' in Dutch) are our main Providers of digital information, as is explained in Requirement 0, Context. Both in the case of transferred digital information (after 20 years). In the case of outsourced records management (see Requirement 0, Other Relevant Information), these record creators are also Consumers with a Knowledge Base with a very good understanding of government archives in general and their own content and context in particular.
Primarily for this Designated Community, NANETH has issued a list of preferred and accepted formats ([NANETH Preferred and Acceptable Formats, [CoreTrustSeal]). This list includes open standards promoted by the Dutch Standardisation Forum (https://www.forumstandaardisatie.nl/content/english). The use of open standards to support interoperability, (re)use of data and reduce dependency on specific suppliers, is a leading Dutch government policy. The needs and wishes of this Designated Community are monitored and acted upon by means of NANETH's Preservation Watch, Planning and Action scheme (see Requirement 10, Preservation Plan).
The public (private persons, journalists, researchers and end user organisations from the cultural heritage domain) are our second Designated Community. We expect the members of the public to be able to read Dutch (as most archives are in Dutch), and to be able to follow the instructions for requesting (public or restricted) records (http://www.gahetna.nl/en/q-and-a/how-this-website-works/reserve-records) and visiting the reading room (http://www.gahetna.nl/en/using-this-site/visiting-the-nationaal-archief/visiting-the-reading-room). The list of preferred and accepted formats supports their (technological) demands with regard to interoperability, (re)use and reduce dependency on specific suppliers. As the knowledge base of this Designated Community does not include (a lot of) knowledge on digital government information content and context, we provide archival descriptions. See e.g. http://www.gahetna.nl/collectie/archief/ead/index/zoekterm/deltaprogramma/eadid/2.16.133 for an archival description for the Dutch Delta Programme (2010-2014) for protecting the Netherlands against flooding and extreme weather. Members of this Designated Community can also visit our Information Centre (http://www.gahetna.nl/en/visit-us/information-centre) or use our website to ask questions (see Requirement 11, Data quality). Monitoring and acting upon changes in this Designated Community is part of NANETH's Preservation Watch, Planning and Action scheme (see Requirement 10, Preservation Plan).
Reviewer Entry Reviewer 1 Comments: Accept Reviewer 2 Comments: Accept
Level of Curation Performed. Select all relevant types from:
C. Enhanced curation – e.g. conversion to new formats; enhancement of documentation
Reviewer Entry Reviewer 1 Comments: Accept Reviewer 2 Comments: Accept
Comments
In order to preserve the integrity and authenticity of deposited digital information from any deposit route, NANETH performs no “additional editing of deposited data for accuracy”, i.e. data-level curation.
In the pre-ingest phase of a national government record creator submission process, we check, amongst others, metadata conformity, identify file formats and file format validity. If required, (meta)data is repaired or enhanced. This, however, is primarily a task for the Provider and stems from the general requirement that “Administrative authorities are obliged to ensure that the records kept by them are in good condition, are properly arranged and accessible, and are thus maintained, and to arrange for the destruction of records which are eligible for destruction.” (1995 Public Records Act, [CoreTrustSeal]) The metadata and/or documentation on digital information preserved and made available by NANETH may be enhanced. Added entries are provided when more information becomes available about records, feedback from users can result in updates of metadata or documentation, etc. Although metadata is deposited data, we do not consider this “additional editing of deposited data for accuracy”.
How enhanced curation is further achieved can be gathered from our Preservation Policy [CoreTrustSeal]. See also Requirement 10, Preservation Plan.
Reviewer Entry Reviewer 1 Comments: Accept Reviewer 2 Comments: Accept
Outsource Partners. If applicable, please list them.
The legal framework Public Procurement in the Netherlands (https://www.pianoo.nl/public-procurement-in-the-netherlands) governs all NANETH and third party contracts of all NANETH's outsourced contracts. A team of service and contract managers is responsible for managing these contracts. They are supported by legal advisors.
The most important partners for the e-depot (and therefore not including partners for e.g. employee laptops, office software and Wi-Fi connectivity) are: Logius, ICTU, ODC Noord, SSC ICT, DE REE archiefsystemen and Picturae.
Logius provides the service Diginetwerk or ‘Haagse Ring’ (Diginetwork): https://www.logius.nl/english. Diginetwork is a trust framework for linking private government networks. Government organisations can exchange data simple and secure using these linked networks (of which the ‘Haagse Ring’ is one, see https://www.logius.nl/diensten/diginetwerk/, in Dutch). Logius is a member of the World Wide Web Consortium (W3C, see http://www.w3.org/Consortium/Member/List), and manages open standards according to the Beheer- en Ontwikkelmodel voor Open Standaarden (Management and Development Model for Open Standards, BOMOS) that was developed by TNO (https://www.tno.nl/en/) and Forum Standaardisatie (Dutch Standardisation Forum, https://www.forumstandaardisatie.nl/content/english).
ICTU (https://www.ictu.nl/about-us) provides technical personnel for e.g. (technical) application management and application development. For NANETH ICTU staff supports the management and development of the e-depot.
ODC Noord is one of the government's data centres in the Netherlands, and part of the Shared Service Organisation North-Netherlands (https://www.sso-noord.nl/). They host our customer self-service portal (https://na-prd.topdesk.odc-noord.nl/tas/public) and provide storage (for our backup) and housing (for disaster recovery). The storage agreement is limited to hardware and the operating system. NANETH provides and manages the necessary backup software, data connections, etc. Housing is limited to 19 inch racks. As NANETH we provide and manage our own hardware and software for disaster recovery purposes.
The Shared Service Centre ICT (SSC ICT) of the Ministry of the Interior and Kingdom Relations (https://www.government.nl/ministries/ministry-of-the-interior-and-kingdom-relations) manages how archivists of national government bodies access their information in the e-depot in case of outsourced records management (see Requirement 0, Other relevant information), e.g. by providing search and find functionality.
DE REE archiefsystemen (https://www.de-ree.nl/) provides and supports our collection management system MAIS-Flexis, a NEN 2082-compliant application (https://www.nen.nl/NEN-Shop-2/Standard/NEN-20822008-nl.htm). Implementation of this newly acquired system is currently in progress.
Picturae (https://picturae.com/) host our image collection that serves images to our public access portal (http://www.gahetna.nl/en). At the time of writing, the integration of a new public access portal in the corporate website www.nationaalarchief.nl was in the implementation phase.
Reviewer Entry Reviewer 1 Comments: Accept Reviewer 2 Comments: Accept
Other Relevant Information.
Regional Historical Centres
Regional Historical Centres (RHCs) for which NANETH provides technical infrastructure are beyond the scope of this application.
Outsourced records management
The 1995 Public Records Act (see also Requirement 0, Context) states that closed public records that are eligible for long-term preservation must be transferred to a designated repository no later than 20 years after closure. The legal caretaker will then have up to 10 years to ensure that the records are actually transferred.
Due to developments in technology and, in general, digital dark age issues (https://en.wikipedia.org/wiki/Digital_dark_age), 20 or 30 years may prove to be too long for a digital records to remain accessible. In some cases, the retention schedule for some archive components may also be shorter than 20. For these archives, NANETH provides legal caretakers with paid services to outsource records management to NANETH's e-depot. The legal ownership and caretakership will not change, but the management will be transferred to NANETH's Service Organisation.
The process of outsourcing records management is a process that closely resembles the normal process of transfer described under Requirement 8, Appraisal. The main exception is that any measures are recorded but not enforced. The obligation to implement those measures only applies at the time of transfer. Until that time, the decision to implement the measures is that of the legal caretaker. This outsourcing party is however advised to realize as much of these measures as possible, before transfer. This will prevent a situation in which the measures all have to be realised just in time for transfer later.
The outsourcing service and the other services available with regard to outsourcing records management are described in NANETH's Product and Services Catalogue [CoreTrustSeal].
Private archives
In scope for certification are agreements with private (digital) archive providers, and any private archives added to NANETH’s collection in the e-depot. Private archive providers are however not a Designated Community, as submitting private archives is a voluntary act. NANETH cannot impose (quality) requirements or expect a Knowledge Base other than that of the public.
NANETH acquires new private archives if these relate to national politics and government, and moreover constitute a substantial addition to the archives of the national government or the province of Zuid-Holland. See also Requirement 2, Licenses for information on private archives.
Reviewer Entry Reviewer 1 Comments: Accept Reviewer 2 Comments: Accept
ORGANIZATIONAL INFRASTRUCTURE
I. Mission/Scope R1. The repository has an explicit mission to provide access to and preserve data in its domain.
Compliance Level:
4 – The guideline has been fully implemented in the repository
Reviewer Entry Reviewer 1 Comments: 4 – The guideline has been fully implemented in the repository Reviewer 2 Comments: 4 – The guideline has been fully implemented in the repository
Response:
As NANETH, it is our mission, vision and statutory obligation to provide access to our data. The 1995 Public Records Act [CoreTrustSeal] states, in short, that there shall be a national repository with the specific task to actively maintain the records in its care. Part of that task is providing access, as can be found in article 17.
Our mission: we serve everyone’s right to information and give insight in the nation’s history by: • actively applying ourselves to strengthen the existing archival system, and • maintaining the national archive collection and present it on site and online.
Our goals: • move to the front of the information chain (i.e. more cooperation with organisations upstream in the document lifecycle), • provide a complete approach to preservation and digitization, and • provide more services (with a further reach) and get more on-site visitors (e.g. through exhibitions and events).
It is recognized throughout the organisation that providing access is our core business. In our 2017-2020 vision document (Met een open blik, meerjarenvisie 2017-2020, https://www.nationaalarchief.nl/over-het-na/ons-verhaal/missie-en-meerjarenvisie, in Dutch) this mission and these goals have been reaffirmed.
A translation of the summary of this multi-year vision document is:
“The National Archive (NANETH) ensures that information from the national government is kept in archives. We help you to find information in the archive. We have been doing that for more than two hundred years. Our work changes. We used to receive archives on paper, but more and more archives are delivered digitally. These changes have an impact on everyone who uses the archives. This vision describes how we want to deal with these changes, together with you.
Mission of NANETH
The government's actions are stored in records. This enables committees, scientists and journalists to do their job. This is of great value for our democracy. Archives also contain information about residents, family members and ancestors. By examining the archives we know better who we are, where we came from and where we are heading. That is of great social value. History has become the way a generation accounts for the present. We serve everyone's right to information by ensuring that government information is sustainably accessible. That is our right to exist.
Developments inside and outside NANETH
Everyone should know that NANETH exists and what you can find there. We organize exhibitions and activities for students. The needs and wishes of our visitors are taken into consideration as much as possible. We also make it easier to search the archives via the internet. We connect and simplify systems, and make them more accessible. And we make agreements and systems to preserve digital archives. That is sometimes difficult. Making information accessible can, for example, be in conflict with laws about privacy. This does not change our job, but can change the way in which we carry it out.
Organisation with an open mind
NANETH focuses on the outside world. All efforts are focused on serving the public as best we can. Our employees help researchers to do their research as independently as possible. Improving search options has our permanent attention.
Archive creators, in our case national government organisations, create the archives of the future. When they create information, they should already take measures for sustainable accessibility and openness. That change is far-reaching. Therefore, we advise the archive creators in the early stages of the document life-cycle.
The main challenge within the archive sector is digital archiving. In the archive sector we work closely together with other managers, creators and users of archives. That way knowledge becomes available fast in the archive sector.
We advise the minister of Education, Culture and Science on policy and legislation matters.
Renovation of archive work
Digitization has resulted in changes in the meaning of traditional archiving concepts. The way in which we currently archive our information is not applicable to everybody and everything. This is a problem. The sustainable accessibility of information is in danger when disparate ways of archiving are being applied. We are still looking for solutions.
Development of the organisation Every employee of NANETH is an ambassador from the organisation. Expertise and reliability are core values of NANETH. We constantly work on broadening, gaining and spreading knowledge. We try to find out what makes our customers and partners move. We adapt our services to their needs and preferences. We show courage, are innovative and bring organisations and people together.
Continue with the vision
NANETH faces a big challenge, and has a strong ambition. This is feasible with an open mind, with each other and with our partners. Our vision gives direction, but also offers room for flexibility. And that is precisely the intention.
NANETH cooperates intensively with Regional Historical Centres, the Network Digital Heritage, trade association BRAIN, professional association KVAN, NIOD, the Erfgoedinspectie, ING Huygens Institute, DocDirekt and many others.”
Some of the underlying ideas in this multi-year vision document were already present in the Archiefvisie 2011 (Archive vision 2011 [CoreTrustSeal]). This policy document was co-authored by the Minister of Education, Culture and Sciences and the Minister of Domestic Affairs. It speaks of the digital information society, it’s changing needs and the position that NANETH should come to hold as a result. The core ideas presented were: • Sustainable maintenance of fleeting digital information (archivists need to work together with information specialists and IT architects) • Providing public access to governmental data in real-time • Providing access to data through one portal (Europeana) • Innovation-driven governmental collaboration at the national and local level
Reviewer Entry Reviewer 1 Comments: Accept Reviewer 2 Comments: Accept
II. Licenses
R2. The repository maintains all applicable licenses covering data access and use and monitors compliance.
Compliance Level: 4 – The guideline has been fully implemented in the repository
Reviewer Entry Reviewer 1 Comments: 4 – The guideline has been fully implemented in the repository Reviewer 2 Comments: 4 – The guideline has been fully implemented in the repository
Response:
In this section, we provide an overview of licenses/agreements for depositors/providers and users.
Depositor/Provider
Products and Services Catalogue
The Producten- en Diensten Catalogus (Products and Services Catalogue [CoreTrustSeal]) contains an overview of digital archiving-related services offered by NANETH. It contains services provided to government bodies and to the RHCs. Only the e-depot services provided to government bodies are in scope for CoreTrustSeal certification (see the table on page 5 of the Products and Services Catalogue).
After selecting the required services from the Products and Services Catalogue, an Agreement on cooperation with an attached Addendum is agreed upon between NANETH and a client. These documents describe the conditions under which digital archiving-related services are provided and the rights and obligations the client enjoys (as Provider and/or Consumer). The Agreement on cooperation is generic for all users. The Addendum describes specific user-related conditions.
Private archives
In scope for certification are also agreements with private (digital) archive providers, as their archives will be added to NANETH’s collection. Our policies regarding private archive acquisition is explained in Profiel en beleid met betrekking tot de verwerving van particuliere archieven (Profile and policy regarding the acquisition of private archives [CoreTrustSeal]).
In short, NANETH acquires new private archives only if these relate to national politics and government, and moreover constitute a substantial addition to the archives of national government or the province of Zuid-Holland. Criteria for acquisition are, among others, that the private archives should contain, in original documents, important information on the government’s decision-making and activities. Any acquired photographic material must be royalty-free or include a transfer of copyright. Furthermore the material must document significant historical events and developments and form an addition to the existing archive and photo collections.
Open to the public
The 1995 Public Records Act [CoreTrustSeal] authorizes, in article 17, the National Archivist to provide access to the records in his care. Article 14 states as a principle that all these records are open to the public. The Wet Hergebruik overheidsinformatie (Reuse of Public Sector Information Act, http://wetten.overheid.nl/BWBR0036795/2016-10-01) and the Wet Bescherming Persoonsgegevens (Personal Data Protection Act, http://wetten.overheid.nl/BWBR0011468/2017-07-01) both apply. (Translations of these acts can be found online, but please note that we only point to them as an informal information source: https://ec.europa.eu/digital-single-market/en/news/implementation-psi-directive-netherlands and https://www.akd.nl/t/Documents/17-03-2016_ENG_Wet-bescherming-persoonsgegevens.pdf, respectively.)
The 1995 Public Records Act provides specific exceptions to public accessibility. These exceptions are limited in time and are specifically in place to safeguard: • a subject’s privacy, or; • the interests of the State or its Allies, or; • the appearance of disproportionate advantage or disadvantage of legal persons or entities or third parties.
The original legal caretaker determines these exceptions and the National Archivist acts as an obligatory advisor (articles 15 and 16 of the 1995 Public Record Act). At the moment of transfer, a Declaration of Transfer ('Verklaring van overbrenging' in Dutch) is drafted and signed, detailing which records were transferred and if there are any exceptions to the public accessibility. See https://www.nationaalarchief.nl/archiveren/kennisbank/openbaarheidsadvies-van-de-algemene-rijksarchivaris for model Declarations (in Dutch).
User Licenses
The archival collection is available as open data when information is born-digital or has been digitized, and has no access restrictions. As a result of the Beleid Open Collectiedata bij Nationaal Archief (Policy Open Collection Data at Nationaal Archief [CoreTrustSeal]) this practice has become policy. We are working towards applying a CC0 (Creative Commons, https://creativecommons.org/) licensing policy for all records without access restrictions (see also Requirement 13, Data discovery and identification).
The terms and conditions and information about privacy and tariffs for use of the (digital) archives are available online at http://www.gahetna.nl/en: • http://www.gahetna.nl/en/terms-and-conditions • http://www.gahetna.nl/en/privacy • http://www.gahetna.nl/en/tariffs If there are access restrictions, they are published in the information’s finding aid. If restrictions apply, the user will have to request on-site access. We report (attempted) non-compliance, vandalism or theft. (Currently, no digital archives with access restrictions are made available through the e-depot.) How access restrictions are dealt with is explained on http://www.gahetna.nl/vraagbaak/onderzoeksgids/inzage-beperkt-openbaar-archief (in Dutch).
Reviewer Entry Reviewer 1 Comments: Accept Reviewer 2 Comments: Accept
III. Continuity of access
R3. The repository has a continuity plan to ensure ongoing access to and preservation of its holdings.
Compliance Level:
4 – The guideline has been fully implemented in the repository
Reviewer Entry Reviewer 1 Comments: 4 – The guideline has been fully implemented in the repository Reviewer 2 Comments: 4 – The guideline has been fully implemented in the repository
Response:
As a repository for the Dutch national government NANETH has structural funding. Archives that have been transferred to NANETH are meant to be kept for eternity. Preservation is therefore an integral part of the National Archives’ organisation, viz. one preservation officer, two preservation advisors and one preservation researcher. The Ministry of Education, Culture and Science is responsible for the policy and funding of the archives of national Dutch government. For budget information and annual reports, see e.g. (in Dutch) http://www.rijksbegroting.nl/2018/voorbereiding/begroting (select a year, “Onderwijs, Cultuur en Wetenschap”, “Cultuur” and look for ”Nationaal Archief”) and the annual report of 2017: http://www.rijksbegroting.nl/2017/verantwoording/jaarverslag (select “Onderwijs, Cultuur and Wetenschap”, “Cultuur” and look for “Nationaal Archief”).
NANETH has written a vision document for the period 2017-2020 (Met een open blik, meerjarenvisie 2017-2020, in Dutch). (Improved) access to the archive collection is one of the focus points of this new vision. Based on this vision, annual plans are written.
In 2015, PwC (http://www.pwc.nl/) performed a financial assessment of the Digitale Taken Rijksarchieven (Digital Tasks Government Archives) program, including a forecast of NANETH’s operating costs for managing the government’s digital archives from 2017 till 2021: https://www.rijksoverheid.nl/documenten/rapporten/2015/12/14/rapportage-financiele-doorlic hting-digitale-taken-rijksarchieven-dtr-financiele-doorlichting-dtr-en-quick-scan-op-de-i-functie (in Dutch). This report played an important role in making the provisional program budget structural from 2016 onward.
In order to guarantee continued access to the Preservica Enterprise Edition digital preservation solution that forms the core of our e-depot in case of e.g. bankruptcy of the provider, an escrow agreement is in place with Preservica (www.preservica.com). We have a “perpetual, non-exclusive, non-transferable license to run, use, copy and modify the core system, including all documentation”. See also Requirement 15, Technical Infrastructure.
Reviewer Entry Reviewer 1 Comments: Accept Reviewer 2 Comments: Accept
IV. Confidentiality/Ethics
R4. The repository ensures, to the extent possible, that data are created, curated, accessed, and used in compliance with disciplinary and ethical norms.
Compliance Level:
4 – The guideline has been fully implemented in the repository
Reviewer Entry Reviewer 1 Comments: 4 – The guideline has been fully implemented in the repository Reviewer 2 Comments: 4 – The guideline has been fully implemented in the repository
Response:
Information protection
The Rijksbrede Baseline Informatiebeveiliging Rijksdienst (Civil Service Information Protection Baseline, BIR 2017, https://www.earonline.nl/index.php/BIR-Baseline_Informatiebeveiliging_Rijksdienst) applies to services provided by NANETH. The BIR expands the NEN-ISO27001 and NEN-ISO27002 information protection standards. The BIR’s implementation by NANETH ensures that any information protection requirements required for certification are met.
NANETH’s Information Security Officer oversees enforcement of the BIR standards and accounts for this once every 6 weeks in a supervision meeting with the CIO of the National Archives and the Concern Information Security Officer and the Security Officer of the Ministry of Education, Culture and Science. Checks and balances to promote the right outcome are in place. Secure Software Development principles are used in the software development and maintenance program. Secure by design and privacy by design principles have been introduced. Raising security awareness takes place through regular sessions with outsource partners, during which the OWASP (Open Web Application Security Project) Top Ten (https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project) is discussed. The relevant guidelines of the Centrum voor Informatiebeveiliging en Privacybescherming (Centre for Information Security and Privacy Protection, CIP, https://www.cip-overheid.nl/) are used. Quality promotion through organized partner co-operation on quality of work, based on shared responsibilities, is promoted. Integrity as inextricably linked to professionalism in the performance of the work is a regular agenda item. Functional separation has been implemented on the basis of Need to know and Need to use principles for controlling the confidentiality, integrity and authenticity of the data, and for promoting continuity in providing services. These principles form an integral part of the BIR.
Ethical norms
Public servants, elected representatives and members of public executive bodies must comply with rules of conduct. By swearing the oath or making the affirmation, a public servant promises to comply with these rules. See https://wetten.overheid.nl/BWBR0009572/1998-05-20 (in Dutch). Employment is only possible on the basis of a positive Verklaring Omtrent het Gedrag (Declaration of Conduct, VOG, https://www.justis.nl/producten/vog/certificate-of-conduct/). This VOG is issued by an external agency, the Ministry of Justice. Additional safety research takes place if the job requires handling of special information. This screening is carried out by the Dutch Security Services, part of the Ministry of Justice. Hired employees and otherwise contracted personnel must sign a confidentiality statement. Secrecy is a standard part of these confidentiality statements. Employees that run into integrity issues can contact NANETH’s Integrity Officer.
Ethical norms are part of the Algemeen Rijksambtenaren Reglement (General Public Services Regulations, ARAR, http://wetten.overheid.nl/BWBR0001950/2017-01-01). Not complying with these ethical norms may result in sanctions, as explained in the ARAR.
Employees who are a member of professional archival organisations are bound to specific codes of conduct. KVAN/BRAIN is the most important example (https://www.kvanbrain.nl/). The organisation "unites professionals and institutions in the archive sector. Together we represent the interests of the Dutch archives, stimulate and support cooperation in the sector and promote the expertise of archive professionals".
Data protection
NANETH ensures compliance with the European Union's renewed standards framework for the protection of personal data, the Algemene Europese Verordening Gegevensbescherming (General Data Protection Regulation, AVG). NANETH complies with the regulations and policies of the Meldplicht Datalekken (Mandatory Notification Data Leaks, https://autoriteitpersoonsgegevens.nl/nl/onderwerpen/beveiliging/meldplicht-datalekken) of the Autoriteit Persoonsgegevens (Personal Data Authority, AP), the Dutch authority that oversees the correct implementation of the Wet Bescherming Persoonsgegevens (Personal Data Protection Act, WBP). How NANETH deals with the personal data of users is explained on our public access portal: http://www.gahetna.nl/privacy (in Dutch). NANETH’s privacy policy is available on our website: https://www.nationaalarchief.nl/privacyreglement-nationaal-archief#collapse-6737 (in Dutch).
Reviewer Entry Reviewer 1 Comments: Accept Reviewer 2 Comments: Accept
V. Organizational infrastructure
R5. The repository has adequate funding and sufficient numbers of qualified staff managed through a clear system of governance to effectively carry out the mission.
Compliance Level:
4 – The guideline has been fully implemented in the repository
Reviewer Entry Reviewer 1 Comments: 4 – The guideline has been fully implemented in the repository Reviewer 2 Comments: 4 – The guideline has been fully implemented in the repository
Response:
NANETH is the repository for Dutch governmental information. In 2013, the Digitale Taken Rijksarchieven (Digital Tasks Government Archives, DTR) program was launched at NANETH. The DTR program provides facilities needed to carry out the core task of NANETH and the RHCs to manage government archives in the digital age. The program had to ensure that on January 1, 2016: • a common infrastructure for NANETH and RHCs is able to capture, manage and unlock digital and digitized government archives • there is clarity about the sustainability requirements and guidelines for information management for the government • a first part of digitized government archives is openly findable, accessible and reusable for the public The Ministry of Education, Culture and Science has decided to make the provisional program budget structural from 2016 onward (see Requirement 3, Continuity of Access). The underlying tasks for this budget are accepted as ongoing and integral part of NANETH’s statutory function. This structural funding ensures that NANETH can maintain a high level of knowledge, development by training our professionals and maintain the technical infrastructure. In addition to our own staff training schemes, NANETH employees can benefit from the Ministry of Education, Culture and Science’s and other government staff training programs. Highly trained employees are required for practicing our statutory function. See also Requirement 0, Context, for more context information.
General information about NANETH can be found under Requirement 0, Context, and on our English web pages (https://www.nationaalarchief.nl/en/our-story). Given the state of affairs of September 2017, NANETH has 211 employees: 178 permanent members of staff and 33 temporary members of staff. 18 FTE are contract assignments. The job families of the permanent and temporary staff are: line, project or programme management (8% of the employees), advice (19%), operational management (24%), and implementation (48%). More information about the Functiegebouw Rijk (Job Family System of the Dutch National Public Administration) can be found in this brochure: https://www.functiegebouwrijksoverheid.nl/assets/downloads/A3-brochure_Job_Family_System_2018.pdf.
Reviewer Entry Reviewer 1 Comments: Accept Reviewer 2 Comments: Accept
VI. Expert guidance R6. The repository adopts mechanism(s) to secure ongoing expert guidance and feedback (either inhouse or external, including scientific guidance, if relevant).
Compliance Level:
4 – The guideline has been fully implemented in the repository
Reviewer Entry Reviewer 1 Comments: 4 – The guideline has been fully implemented in the repository Reviewer 2 Comments: 4 – The guideline has been fully implemented in the repository
Response:
NANETH employs both in-house as well as external experts and committees to oversee and advise us on our e-depot. The scope of these committees extends from overseeing financial continuity to consultancy on data management and technological implementation. The department Kennis & Advies (Knowledge & Advice) acts as our in-house consultancy branch and advises on appraisal, recordkeeping, preservation and public access. Specific examples of advice given and general guidelines that have been published in this section.
Management of knowledge products
NANETH develops, manages and publishes knowledge products: practical aids or tools for designing and managing government information services. With the aim that government information must be accessible, now and in the future, for everyone who has the rights to access it. Under management of knowledge products, all activities aimed at maintaining and promoting the use of knowledge products are included. This is relevant to the effectiveness of the e-depot, since some knowledge products govern the (data) quality of it, such as DUTO (Quality Requirements for Sustainable Accessible to Government Information, https://wiki.nationaalarchief.nl/pagina/DUTO:Wiki), the Toepassingsprofiel Metadata Lokale Overheden (Application Profile Metadata Local Government, TMLO, http://www.nationaalarchief.nl/digitaal-archiveren/informatie-archiveren-het-e-depot/metadata-het-e-depot), the Richtlijn archiveren overheidswebsites (guide for archiving government websites, https://www.nationaalarchief.nl/archiveren/nieuws/websites-archiveren-dat-doe-je-zo) and the Nederlandse Overheid Referentie Architectuur dossier about Sustainable Accessibility (Dutch Government Reference Architecture, NORA, https://www.noraonline.nl/). A fourth example of a knowledge product is the list of preferred and accepted formats (NANETH Preferred and Accepted Formats, [CoreTrustSeal]). Information on the governance and management of the knowledge products is available on our wiki website, in Dutch: https://wiki.nationaalarchief.nl/pagina/DUTO:Verantwoording. A translated summary is: "The Standardisation Board of the National Archives oversees the production and maintenance of knowledge products. The Standardisation Board consists of representatives of central and regional government bodies and archive institutions at management and / or CIO level. The representatives have experience in their primary process and represent the interests of organisations that use our knowledge products.
The Standardisation Board: • Prioritizes the themes knowledge products focus on. • Drafts new and proposes updates to knowledge products, and assesses the adherence to work processes. • Advises NANETH with regard to the work plan for maintenance activities. • Proposes knowledge products as standards to standardisation organisations. Note that the Standardisation Board itself does not have the authority to impose standards on (government) organisations. • Passes on signals from their communities to NANETH and act as an ambassador for knowledge products to their communities."
Service Organisation
In 2017 NANETH established a Service Organisation. This is a department responsible for providing corporate service. It focuses specifically on the development and provision of products and services for government record creators and RHCs. The Service Organisation keeps in intensive contact with these customers. The governance of the Service Organisation includes committees (both advisory and decision-making) populated with technical members, data science experts, relevant disciplinary experts and business executives at these levels: • Strategic o Strategic client consultation ensures coordination and decision making on topics in the relationship between clients and contractor for any service of the Service Organisation. The management of knowledge products is one of these topics. • Tactical o Client consultation with regard to our digital services o Stakeholder consultation with regard to our digital services o Stakeholder consultation with regard to our Actorenregister (Actors Register with basic institutional information about national government actors, https://actorenregister.nationaalarchief.nl/, in Dutch) • Operational o User consultation with regard to our digital services o Contact page (https://www.gahetna.nl/en/contactform) and customer self-service portal for user questions (see also Requirement 0, Designated Community)
Corporate user community interaction is based on the principles of Single Point of Contact and Click-Call-Face: • Click: a service website, i.e. a customer self-service portal for clients of our digital services) • Call: a customer contact centre for first-line support, by telephone or e-mail • Face: account management available for optimal on-site service provision
The self service portal is only accessible via personal customer login. It provides the customer with insights into questions and malfunctions reported by their own organisation. All corporate customers who have a question for the Service Organisation will receive a unique reference number assigned to the question. Based on this reference number, the customer is informed of the status of the reference .
Knowledge function of the archive sector
Together with legal caretakers and information and archive professionals, NANETH has drawn up a Knowledge and Innovation Agenda. This was done to tackle shared issues and contribute to strengthening the knowledge function of the archive sector. For the 12 most important topics on this agenda, knowledge platforms have been set up for stakeholders to develop and share knowledge. The website for these knowledge platforms is https://kia.pleio.nl/.
Organisational guidance
An advisory board ('Raad van Advies' in Dutch) advises NANETH on organisational and archival issues. As can be found on https://www.nationaalarchief.nl/archiveren/nieuws/raad-van-advies-biedt-kritische-blik (in Dutch), members are representatives from the business world, journalism, science and government.
NANETH plays an active role in the International Council on Archives (ICA, https://www.ica.org/en).
The department of Knowledge & Advice has many forms of cooperation with (inter)national experts. For example: the (board) membership of the Open Preservation Foundation (OPF, www.openpreservation.org) and the DLM Forum (http://www.dlmforum.eu/), and the active involvement in the Dutch Digital Heritage Network (www.netwerkdigitaalerfgoed.nl/en). NANETH is also a member of NEN committee 38004611 (https://www.nen.nl/Normontwikkeling/energy/Informatie-en-archiefmanagement.htm, in Dutch) and represent this NEN committee in ISO Committee TC46/SC11 (Archives and record management, https://committee.iso.org/tc46sc11).
Large projects or programmes like DTR (see Requirement 3, Continuity) are reviewed periodically using the Dutch Gateway Review Method (https://www.bureaugateway.nl/english): "The Gateway Process examines projects and programs at key decision points and aims to provide timely advice to the Senior Responsible Owner (SRO) - the person responsible for delivery of the project or program. A Gateway report provides the SRO with an independent view on the current progress of the project or program including observations and recommendations."
Customer monitoring
Archive customers are consulted in a biannual customer monitor hosted by KVAN/BRAIN (see Requirement 4, Confidentiality/ethics). NANETH occasionally organises specific consumer surveys. Customers are consulted passively through response forms on the website. The results of customer monitoring are also input for NANETH's Preservation Watch, Planning and Action scheme (see Requirement 10, Preservation Plan).
Reviewer Entry Reviewer 1 Comments: Accept Reviewer 2 Comments: Accept
DIGITAL OBJECT MANAGEMENT
VII. Data integrity and authenticity
R7. The repository guarantees the integrity and authenticity of the data.
Compliance Level:
3 – The repository is in the implementation phase
Reviewer Entry Reviewer 1 Comments: 3 – The repository is in the implementation phase Reviewer 2 Comments: 3 – The repository is in the implementation phase
Response:
NANETH’s e-depot is based on the international standard ISO 14721:2012 Space data and information transfer systems -- Open archival information system (OAIS) -- Reference model (https://public.ccsds.org/pubs/650x0m2.pdf).
Each e-depot ingest workflow has a virus check step, which undertakes a virus check of the ingested files. The anti-virus software configured for use in our ingest workflows is McAfee.
If a government body wants to connect to the e-depot for the transfer of digital records, a so-called impact assessment is started (see https://www.nationaalarchief.nl/archiveren/kennisbank/impactanalyse-aansluiting-e-depot, in Dutch). In these assessments NANETH and the data provider investigate what organisational, content and technical measures are required for the connection. See e.g. http://openpreservation.org/blog/2017/05/17/preservation-impact-assessments-how- preservation-tools-support-naneths-connection-projects/ for a blog explaining these assessments from the perspective of digital preservation. In short, we discuss (in a meeting) and analyse (with tools) the information types, file formats, some significant properties, and any preservation actions performed by the provider. The results of the assessment are used to create a project plan for the actual connection project and resulting ingest.
One of the topics to investigate in impact assessments is that data providers should at all times accompany the digital files they transfer to us with an fixity or integrity check, either MD5, SHA1, SHA256 or SHA512. In all our ingest workflows the fixity check provided by the data provider is compared with the fixity check calculated by the workflow of our e-depot. They must be the same. If not, the workflow halts and the data provider is notified that there is a discrepancy between one or more fixity checks (see the Standard Workflows document, shared with the reviewers in confidence).
Version management is taken care of by e-depot software. In the production environment, each Deliverable Unit (DUs, the information objects that are the conceptual entities or records that are delivered by providers) has one or more manifestations or versions. One manifestation could e.g. be converted to a newer and more open file format, resulting in a new preservation manifestation. Or, if new file formats for presentation become available, additional presentation manifestations could be created. All manifestations and their histories are retained, including their historical metadata.
The e-depot keeps track of user actions via audit trails. For every object, the e-depot stores its history: who (user) did what (workflow) when (timestamp), and with what result. Rollback is available for history events with clearly defined rollback pathways, such as manual metadata modification, a soft delete, a soft restore and appraisal decisions.
The preservation workflows of the e-depot make use of a technical registry with information about object properties, tools for extracting their values (and storing them in the metadata) and comparing these values before and after preservation actions. One example is the comparison of an image’s histogram before and after a preservation action. If the histograms differ more than a (configurable) percentage, the workflow presents a warning or, depending on the configuration, is aborted.
Only a limited set of technical digital information properties is currently extracted and compared in the e-depot. Therefore, NANETH is working on a solution for dealing with significant properties of digital information when executing preservation actions. Significant properties are “the characteristics of digital objects that must be preserved over time in order to ensure the continued accessibility, usability, and meaning of the objects, and their capacity to be accepted as evidence of what they purport to record” (https://www.webarchive.org.uk/wayback/archive/20130423072330/http://www.significantpropertie s.org.uk/inspect-framework.pdf). We presented our work in progress on significant properties at the 15th International Conference on Digital Preservation (iPres2018). See e.g. http://openpreservation.org/blog/2018/10/03/initial-list-of-significant-significant-properties-available/ for a blog about our work on 'significant significant properties': "those properties of information types that most digital preservation practitioners find significant in most contexts". As a member of the Open Preservation Foundation’s Archive Interest Group (http://openpreservation.org/knowledge/interest-groups/archives/) we are investigating significant properties for spreadsheets. The identity of government organisation data providers is checked before the start of the impact assessment project. Private data providers must relate to national politics and government. Their identities are usually known, but checked nonetheless to ensure that a data provider is who s/he claims to be.
Reviewer Entry Reviewer 1 Comments: Accept Reviewer 2 Comments: Accept
VIII. Appraisal
R8. The repository accepts data and metadata based on defined criteria to ensure relevance and understandability for data users.
Compliance Level:
4 – The guideline has been fully implemented in the repository
Reviewer Entry Reviewer 1 Comments: 4 – The guideline has been fully implemented in the repository Reviewer 2 Comments: 4 – The guideline has been fully implemented in the repository
Response:
NANETH acquires government public records based on our legal task and has policies regarding private archive acquisition. How we deal with private archive providers can be found under Requirement 0, Other Relevant Information and Requirement 2, Licenses.
Government Records
National government bodies are required, under the 1995 Public Records Act [CoreTrustSeal], to formulate in a retention schedule, which records are eligible for preservation and which for destruction. The retention schedule is bound by a legal procedure stipulated in the Archiefbesluit 1995 (1995 Decree on Public Records, https://wetten.overheid.nl/BWBR0007748/2013-01-01, in Dutch). The Decree is one of the main regulations ensuring implementation of the Act, and has been updated in 2013 to reflect developments in the government digitisation.
Records that are eligible for preservation must be transferred to a designated repository for permanent preservation no later than 20 years after they are closed. For the archives of the government and the province of Zuid-Holland, the National Archives is the designated repository. The legal caretaker or Provider is responsible for the appraisal of records. See also https://www.nationaalarchief.nl/archiveren/waardering-en-selectie and https://www.nationaalarchief.nl/archiveren/kennisbank/digitale-overheidsinformatie-bij-het-nationaal-archief (both in Dutch).
Quality control
When a national government record creator wants to transfer digital records to NANETH, an impact assessment takes place (see also Requirement 7, Data integrity and authenticity). In this impact assessment, NANETH and the record creator investigate the quality of data and metadata, and how it should be exported from the source system so that it can be ingested in the e-depot. The overall acquisition or submission process has three tracks: • An organisational track, in which any legal and administrative issues are investigated and dealt with. Examples are filling out and signing of the Beslisdocument (Decision document [CoreTrustSeal]), advising (if required) on a Besluit Beperking Openbaarheid (Decision on Exceptions to Public Access, see https://www.nationaalarchief.nl/archiveren/kennisbank/veelgestelde-vragen-over-openbaarheid-en-overbrenging, in Dutch) and filling out and signing a Verklaring van Overbrenging (Declaration of Transfer, see Requirement 2, Licenses). • A content track, in which the quality and completeness of the organisation and description of the archive in fonds, series, files and items is assessed, and how to map the source metadata scheme to NANETH’s metadata scheme. The assessment uses established guidelines based on the ISAD(G) standard for archiving archives (https://en.wikipedia.org/wiki/ISAD(G)). The mapping uses the description and explanation of the Toepassingsprofiel Metagegevens Rijksoverheid (Application Profile for Government Metadata), based on the Richtlijn Metagegevens Overheidsinformatie (Metadata Directive for Government Metadata) and the NEN/ISO 23081 standard (https://www.nen.nl/NEN-Shop-2/Standard/NENISO-2308112006-nl.htm). Also investigated is whether the technical conversion of the metadata to the XML schema ToPX (https://www.nationaalarchief.nl/archiveren/kennisbank/metadata-en-het-e-depot), which belongs to the Application Profile for Government Metadata, was performed well. • A technical track, in which the export from the source system is realised according to the guidelines laid down in a Voorwaarden Export-document (Export Requirements, see https://www.nationaalarchief.nl/archiveren/kennisbank/voorwaarden-export-naar-e-depot, in Dutch). The technical aspects of the connection are also prepared (transport, security, etc.).
The quality control steps in the acquisition process have an iterative character. If a review shows that delivery differs from the stipulated standards and agreements in the Decision document, the records creator is consulted to clarify if the finding can be restored. The consultation can also resolve a misunderstanding, resulting in the delivery being acceptable to NANETH after all. The ultimate responsibility for ensuring that the archives are in 'goede, geordende en toegankelijke staat' (good condition, properly arranged and accessible) lies with the records creator, as described in article 3 of the 1995 Public Records Act and article 26 of the 2009 Archives Regulation (http://wetten.overheid.nl/BWBR0027041/2014-01-01).
Reviewer Entry Reviewer 1 Comments: Accept Reviewer 2 Comments: Accept
IX. Documented storage procedures
R9. The repository applies documented processes and procedures in managing archival storage of the data.
Compliance Level:
3 – The repository is in the implementation phase
Reviewer Entry Reviewer 1 Comments: 3 – The repository is in the implementation phase Reviewer 2 Comments: 3 – The repository is in the implementation phase
Response:
The processes and procedures for managing archival storage of the data are governed by the MARA (see Requirement 0, Context, [CoreTrustSeal]). We work under architecture and have redundancy as our storage starting point. The archival storage processes and procedures have been implemented in the Preservica Enterprise Edition digital preservation solution (see https://preservica.com/). Documentation of how Preservica deals with storage can be found in chapter 7 (Storage) of the Enterprise System Administration Guide, shared with the reviewers in confidence.
The specific storage layer linked to the storage adapters is built by using commercial off-the-shelf servers. The disk cabinets connected to servers provide the servers with RAID 6 volumes (https://en.wikipedia.org/wiki/Standard_RAID_levels). On top of those volumes we created a software-based network attached replicated and distributed scale-out file system with a global name space (based on Red Hat Gluster Storage, https://www.redhat.com/en/technologies/storage/gluster). In theory, this provides our e-depot with unlimited storage space.
All archival data is replicated and backed up at a remote site, approximately 200 kilometres away (ODC Noord, see Requirement 0, Outsource partners). Our backup strategy uses ‘incremental-forever backup’: if there is a full backup, the delta can be backed-up within one week (Recovery Time Objective, https://en.wikipedia.org/wiki/Recovery_time_objective).
Fixity or integrity check features are in place. When data is stored, the system checks if two exact copies of the data have been saved. The e-depot can also be used to re-check data file checksums. This is a manual process, started on demand, as checksum re-checking is a lengthy process (given the number of files in the e-depot), and because the storage hardware and software have built-in safeguards against bit rot. Monitoring of the storage environment is handled by Icinga (https://www.icinga.com). Hardware is replaced every 5 years.
Our preservation policy addresses data storage. In section 4.2 of the policy we describe the responsibilities of the department of Infrastructure and Services with regard to storage, and section 4.3 specifically addresses storage. Risk management techniques in the form or business continuity and disaster recovery plans are in place, see Requirement 16, Security.
For the security of government services like NANETH, conformance to the BIR is obligatory (see Requirement 4, Confidentiality/Ethics). One thing the BIR requires is that each user account is linked to a person. The access to the e-depot is therefore based on named accounts. Each account consists of a profile, and each profile has one or more roles. The available profiles and roles are maintained by our application portfolio managers in the form of an authorisation matrix document.
The e-depot is used by several customers and for both transfer (which includes transfer of archive responsibility and management) and outsourced records management (which only includes transfer of management). Data from different customers must be managed separately. As a result, we chose to implement a tenant structure, see Requirement 0, Other relevant information and our Products and Services Catalogue [CoreTrustSeal]. Only NANETH's tenant is in scope for certification, as explained in R0, Context.
Reviewer Entry Reviewer 1 Comments: Accept Reviewer 2 Comments: Accept X. Preservation plan
R10. The repository assumes responsibility for long-term preservation and manages this function in a planned and documented way.
Compliance Level:
4 – The guideline has been fully implemented in the repository
Reviewer Entry Reviewer 1 Comments: 4 – The guideline has been fully implemented in the repository Reviewer 2 Comments: 4 – The guideline has been fully implemented in the repository
Response:
In the 1995 Public Records Act [CoreTrustSeal] NANETH’s legal responsibilities with regard to transferred government archives have been stipulated. NANETH’s 2015 Preservation Policy (NANETH Preservation Policy, [CoreTrustSeal]) describes our preservation policy, including responsibilities of stakeholders, which agreements have to be discussed with the legal caretakers (Providers), and which information is stored and checked from the moment NANETH assumes responsibility of the digital information.
NANETH has adopted a just-in-time preservation approach for all digital information preserved by NANETH: we perform preservation actions only when they are necessary and still possible (as opposed to just-in-case: performing actions as soon as they are possible). One of the benefits of this approach is that we can use, at the time of the required action, the latest preservation insights and technical solutions.
Our Beslisdocument (Decision document [CoreTrustSeal]) defines all (legal) responsibilities and the measures required in order to transfer ownership from a legal caretaker to NANETH. NANETH also acquires rights and duties to preserve the digital information.
In order to further increase NANETH’s preservation quality control, a process of Preservation Watch, Planning and Action (see http://wiki.dpconline.org/index.php?title=Preservation_Watch) has been implemented at NANETH, see https://www.nationaalarchief.nl/archiveren/kennisbank/hoe-werkt-preservering (in Dutch). This 'Preservation Watch' monitors a variety of internal and external entities, including the digital information preserved in the e-depot, international developments with regard to hardware and software, and NANETH’s user communities (including our Designated Communities). Critical or imminent risks are passed to preservation planning for further analysis and the planning of subsequent actions. Preservation action performs actions on digital information to ensure continued accessibility. Preservation action sends feedback to preservation watch, thereby closing the feedback loop.
The general preservation plan for all digital information preserved by NANETH starts at the bit preservation level. NANETH: • maintains at least two manifestations of every bit stream, an ‘original’ and a ‘copy’; • guarantees the integrity of the bit stream by checksum control; • can demonstrate and document the above by means of documented procedures and metadata.
In order to also provide functional preservation, we documented and developed a list of preferred and accepted file formats, and file format preservation strategies. Our current file format strategies document has strategies for file formats that are most commonly used by the Dutch government: • TIFF (.tif / tiff) • E-mail (including .msg, .eml) • PDF and PDF/A (.pdf) • Microsoft Office Word (.doc, docx) • Microsoft Office Excel (.xls, .xlsx) • Microsoft Office PowerPoint (.ppt, .pptx) • Microsoft Office Access (.mdb, .accdb)
This file format strategies document will be reviewed and updated periodically. Candidates for inclusion are file format strategies for websites, geographical information, social media and databases. See e.g. https://kia.pleio.nl/groups/view/41 371832/kennisplatform-preservation/blog/view/46539532/bestandsstrategieen-nationaal-archief for a publicly accessible version of the file format strategies. At the time of writing, NANETH has identified no digital information in the e-depot that requires preservation actions.
The e-depot has a technical registry with representation information for supporting preservation planning and preservation actions in the e-depot. It is based on the National Archive of the U.K.’s PRONOM technical registry (http://www.nationalarchives.gov.uk/PRONOM/Default.aspx). The e-depot knows which of the integrated tools can be used to perform certain actions, because of a PRONOM unique identifier (PUID). These PUIDs uniquely identify specific versions of specific file formats, such as fmt/18 for the Adobe Acrobat PDF 1.4 Portable Document Format. At ingest and after each conversion, file formats are identified and their PUID is stored. The e-depot also has a framework for integrating additional (third party) tools, enabling them to also work under (the same) e-depot control (as other tools). NANETH is working on a solution for dealing with significant properties of information objects when executing preservation actions (see Requirement 7, Data integrity and authenticity).
Reviewer Entry Reviewer 1 Comments: Accept.
The reviewer recommends that when seeking renewal of its certification, the repository provides further public information relating to how data and metadata are updated to respond to changes in the needs of the Designated Community. Reviewer 2 Comments: Accept
XI. Data quality
R11. The repository has appropriate expertise to address technical data and metadata quality and ensures that sufficient information is available for end users to make quality-related evaluations.
Compliance Level:
3 – The repository is in the implementation phase
Reviewer Entry Reviewer 1 Comments: 3 – The repository is in the implementation phase Reviewer 2 Comments: 3 – The repository is in the implementation phase
Response:
As described in Requirement 8, Appraisal, when archives are acquired, a lot of attention goes to the quality of the archive arrangement, the quality of descriptions, and the verification that the metadata mapping between the source system and the e-depot is well executed. The metadata must be delivered in TopX, and must be valid according to the TopX XML schema. Together with the records creator, the introduction to the inventory is written, which describes the context of the archive as a whole. Descriptive elements from the ISAD(G) (https://www.ica.org/en/isadg-general-international-standard-archival-description-second-edition) standard are used, such as: • Title • Date • Level of description • Name of creator • Administrative history • Scope and content • Appraisal, destruction and scheduling information • System of arrangement • Conditions governing access • Language/script of material • Conditions governing reproduction • Physical characteristics and technical requirements • Related archives at or outside NANETH
Inventories on NANETH’s public access portal are compiled in EAD format (https://en.wikipedia.org/wiki/Encoded_Archival_Description), and presented in the form of HTML, EAD (XML) or PDF. The well-formedness and validity of the EAD data are checked against a generic EAD schema. A tailor-made stylesheet is used to check if the content of the EAD file has conformed to NANETH’s specific (interpretation and) application of the EAD standard.
In short, legal caretakers export digital information together with their metadata from their source systems and provide the information with TopX metadata to NANETH. Technical metadata is stored in the XIP metadata format in the repository system (see the e-depot’s Logical Data Model document, shared with the reviewers in confidence) and descriptive metadata is compiled as EAD in our collection management system. Our public access portal presents information in the form of HTML, EAD (XML) or PDF.
Members of the public can use features of NANETH’s public access portal to ask questions, send remarks or provide information meant to improve (archive) descriptions. Every inventory page has a Reacties (Response) field for leaving a public response, see e.g. http://www.gahetna.nl/collectie/archief/ead/index/zoekterm/deltaprogramma/eadid/2.16.133 (but note that this field is only available when logged in). NANETH also has an e-mail address, contact form, telephone number and an online chat box for more private responses or questions, see e.g. http://www.gahetna.nl/en/address-and-route.
Reviewer Entry Reviewer 1 Comments: Accept Reviewer 2 Comments: Accept
XII. Workflows
R12. Archiving takes place according to defined workflows from ingest to dissemination. Compliance Level:
3 – The repository is in the implementation phase
Reviewer Entry Reviewer 1 Comments: 3 – The repository is in the implementation phase Reviewer 2 Comments: 3 – The repository is in the implementation phase
Response:
NANETH’s responsibilities stemming from laws and regulations have been translated in our mission, vision and organisational strategies (see Requirement 0, Repository Type). These in turn have fed our Preservation Policy (see Requirement 10, Preservation Plan). This policy has been turned into daily (preservation) practice by implementing a Preservation Watch, Planning and Action scheme.
From a more technical perspective, the e-depot architecture has been laid down in the MARA (see Requirement 0, Repository Type [CoreTrustSeal]). The pre-ingest (impact assessment) workflow has been described under Requirement 8, Appraisal, the submission agreement in Requirement 10, Preservation Plan, and the TopX metadata model under Requirement 11, Data Quality. The resulting Submission Information Package and workflows for ingest have been documented in workflow descriptions. These workflows are based on the e-depot’s Standard Workflows document, shared with the reviewers in confidence. Several of them have been modified to fit our specific needs. Two examples are workflows for digitised and born-digital information. Our e-depot development team develops and maintains these tailor-made workflows according to the Agile/Scrum methodology (see Requirement 15, Technical Infrastructure). At the time of writing, we have identified 17 workflows, including those for ingesting data with access restrictions, hybrid archives (with a combination of physical – paper – and digital material), born-digital material and different types of maintainer or access requirements. Access to the various workflows, and the system’s security settings, are governed by the authorization matrix (see Requirement 9, Documented storage procedures) and the BIR (see Requirement 4, Confidentiality/Ethics). Release bulletins and user, customer, and stakeholder meetings ensure that these groups are regularly informed and/or consulted. The workflow for born-digital information is in production, others are in the implementation phase.
We have shared, as examples, architectural workflow documents for digitised and born-digital information with the reviewers in confidence.
Reviewer Entry Reviewer 1 Comments: Accept Reviewer 2 Comments: Accept
XIII. Data discovery and identification
R13. The repository enables users to discover the data and refer to them in a persistent way through proper citation.
Compliance Level:
4 – The guideline has been fully implemented in the repository
Reviewer Entry Reviewer 1 Comments: 4 – The guideline has been fully implemented in the repository Reviewer 2 Comments: 4 – The guideline has been fully implemented in the repository
Response:
Access via the website
The public access website gives access to NANETH’s archives, and provides mechanisms for data harvesting. The website has a finding aid (http://www.gahetna.nl/en), archive inventories (http://www.gahetna.nl/en/collectie/archief) and indexes (http://www.gahetna.nl/en/collectie/index). The archive inventories are compiled in EAD according to ISAD(G) guidelines and descriptors, and are presented in the form of HTML, PDF or the XML source (see Requirement 11, Data quality). Persistent identifiers (PI) are available for the inventories, indexes and information objects. NANETH uses the Handle System, as can be gathered from these examples: - Inventory PI example: http://hdl.handle.net/10648/6873ce4a-f9ba-4328-94cf-cec0a53130d3 - Index PI example: http://hdl.handle.net/10648/80bc8f94-3208-11e5-a668-00505693001d - Information object PI example: http://hdl.handle.net/10648/69105d2e-26e2-5c5b-fcb0-6bd12dcf2d6c
Citation is not obligatory, but if users want to cite archives or specific inventory numbers, a citation instruction is available. After translation to English, it has the following form:
CITATION INSTRUCTION When citing records in annotation and reference, the archive should be mentioned at least once in full and without abbreviations. After that, a shortened quote may suffice.
IN FULL: Nationaal Archief, Den Haag, [Name of archive], access number [access number], inventory number [inventory number]
SHORT: NL-HaNA, [Short name of archive], [access number], inv.nr. [inventory number]
These non-obligatory citation instructions are provided at the level of inventory numbers. An example of a citation instruction (in Dutch) is: https://www.nationaalarchief.nl/onderzoeken/archief/2.05.428?open=c01%253A0.c02%253A0.&a nchor=descgrp-access_and_use-prefercite, or see the EAD XML at the tag prefercite: http://www.gahetna.nl/archievenoverzicht/ead/xml/eadid/2.05.428.
Open data
All public collection data of which NANETH is rights holder, is provided as open data. Our open data policy [CoreTrustSeal] is available from our website, as well as information about which collection data is provided as open data, and how this open data can be used (http://www.gahetna.nl/en/about-us/open-data). All open data sets have a Public Domain license (https://en.wikipedia.org/wiki/Public_domain) or one of the Creative Commons licenses (https://creativecommons.org/).
These open data sets are currently available:
Source; Technique; License; Example URL Archive inventories; OAI-PMH; CC0; http://www.gahetna.nl/archievenoverzicht/oai-pmh?verb=ListRecords&metadataPrefix=oai_ead_full Scans of documents; OpenSearch; Public Domain and CC0; http://www.gahetna.nl/beeldbank-api/opensearch/?q=3.18.20&count=100&startIndex=1 Indexes; Data files in XML and CSV; CC0 and CC-BY-SA; A list of links is available in this PDF document: http://www.gahetna.nl/sites/default/files/bijlagen/indexen_die_beschikbaar_zijn_onder_een_cc0_verklaring_of_cc_3.pdf Photos; OpenSearch; Public Domain and CC-BY; http://www.gahetna.nl/beeldbank-api/opensearch/?q=2.24.14.02&count=100&startIndex=1 Maps; OpenSearch; Public Domain and CC0; http://www.gahetna.nl/beeldbank-api/opensearch/?q=4.ZHPB4&count=100&startIndex=1 Actors register; OAI-PMH; CC0; https://actorenregister.nationaalarchief.nl/oai-pmh?verb=ListRecords&metadataPrefix=eac-cpf
The open data sets have been published on the website of Open Cultuur Data (http://www.opencultuurdata.nl/datasets/), and are reused by e.g. https://www.wiewaswie.nl/en/, https://www.archieven.nl/en/, https://www.archivesportaleurope.net/, https://commons.wikimedia.org/ and http://www.europeana.eu.
Reviewer Entry Reviewer 1 Comments: Accept Reviewer 2 Comments: Accept
XIV. Data reuse
R14. The repository enables reuse of the data over time, ensuring that appropriate metadata are available to support the understanding and use of the data.
Compliance Level:
3 – The repository is in the implementation phase
Reviewer Entry Reviewer 1 Comments: 3 – The repository is in the implementation phase Reviewer 2 Comments: 3 – The repository is in the implementation phase
Response:
Any data provided to NANETH must be accompanied by metadata. This metadata should be in accordance with existing standards. According to the 2009 Archives Regulation, government organisations are required to create a metadata schema based on ISO 23081.
A metadata guideline for Dutch government has been created. Based on that guideline, two generic application profiles have been developed (one for national, one for local government). These profiles provide minimum requirements for metadata for long term preservation of records, including requirements for contextual, technical and data management metadata. These requirements are in place to ensure that all users and Designated Communities will get access to unchanged, authentic and understandable information. As explained under Requirement 0, Level of Curation Performed, added entries are provided when more information becomes available about records. Feedback from users can result in updates of metadata or documentation. Our Preservation Watch, Planning and Action scheme can also result in updates in metadata, e.g. when we notice significant changes in the (knowledge bases of) Designated Communities. This (meta)data management is the responsibility of NANETH's Collection department.
During the pre-ingest phase, a representative dataset is analysed (see also impact assessment in Requirement 8, Appraisal) in order to assess whether minimum metadata requirements are met, as set by the application profiles. NANETH uses these application profiles as a minimum standard, with some slight changes to meet the software requirements of the e-depot. For more information about metadata, see e.g. Requirement 8, Appraisal and Requirement 11, Data Quality.
Requirement 10, Preservation Plan details how file formats (see e.g. our preferred and accepted formats document) and preservation (see e.g. our Preservation Policy and our Preservation Watch, Planning and Action scheme) are dealt with at NANETH.
The rendering of many common file formats is possible via the e-depot’s extensible render facilities. Alternatively, files can be made available as downloadable copy. If needed, so-called presentation manifestations of preserved information objects can be created and made available (e.g. a JPEG version of a TIFF image). Feedback from our Designated Communities helps to decide which file formats to prioritize for adding to the render framework, and which files can be made available as downloadable copy or in the form of a presentation manifestation.
Reviewer Entry Reviewer 1 Comments: Accept Reviewer 2 Comments: Accept
TECHNOLOGY
XV. Technical infrastructure
R15. The repository functions on well-supported operating systems and other core infrastructural software and is using hardware and software technologies appropriate to the services it provides to its Designated Community.
Compliance Level:
3 – The repository is in the implementation phase
Reviewer Entry Reviewer 1 Comments: 3 – The repository is in the implementation phase Reviewer 2 Comments: 3 – The repository is in the implementation phase
Response:
Our e-depot is based on the ISO 14721:2012 Space data and information transfer systems -- Open archival information system (OAIS) -- Reference model. The repository software comes with extensive documentation and basically consists of two parts: the core application and the workflows that are the actual workhorses (for ingest, data management, storage, access, etc.).
The core system is the digital preservation solution Preservica (www.preservica.com). The workflows are maintained by NANETH. Some are off-the-shelf workflows that come with the e-Depot software. A growing number of workflows are tailor-made, to fit our particular needs. Please note that no workflows are currently created that add completely new functionality to the functionality already present in the system in the standard workflows. Most workflows still perform the same task as the standard workflows, but with changes that better suit our broader infrastructure. Some have e.g. been changed for checking metadata against specific XML schemas, or for ensuring that digitised and born-digital information objects are processed differently on ingest, in order to send the right metadata file to the right collection management system. See Requirement 12, Workflows for more information on the digitised and born-digital workflows.
For our workflow and further product maintenance work, the Agile/Scrum methodology is used. The e-Depot development team members are provided by ICTU (https://www.ictu.nl/about-us). Having consulted the stakeholders, our product owner prioritizes the change requests (user stories on the product backlog in our JIRA instance, https://www.atlassian.com/software/jira) with the development team and our application portfolio management team. In Scrum sprints of 3 weeks, a Potentially Shippable Product is delivered that, if possible, subsequently goes into production.
Preservica release one or two product updates per year. Releases are accompanied by release notes and are usually presented in webinars. These webinars and a user forum are used to get feedback from users for product development purposes. A ticketing system is in place for error reporting. A yearly User Group Meeting in Oxford, U.K., is held to jointly establish a product development roadmap. Usually two NANETH representatives take part in the Oxford meeting. See e.g. http://preservica.com/about/community.
E-Depot product updates (in the form of RPMs) are added to our internal Red Hat Enterprise environment with, among others, Red Hat Virtualisation (https://www.redhat.com/en/technologies/virtualization), Red Hat Satellite (https://www.redhat.com/en/technologies/management/satellite) and GlusterFS (https://www.gluster.org/). The same applies for any third party software and packages stemming from our e-Depot development team. The use of Git (https://git-scm.com/), Jenkins (https://jenkins.io/index.html) and Maven (http://maven.apache.org/index.html) ensures a continuous integration system.
Third party software packages used in the e-Depot are e.g. DROID for file format profiling (http://www.nationalarchives.go v.uk/information-management/manage-information/policy-process/digital-continuity/file-profiling-tool-droid/) and JHOVE for format identification, validation, and characterisation of digital objects (http://openpreservation.org/technology/products/jhove/). Both tools rely on (file format) information provided by the e-Depot’s technical registry. This registry is based on the PRONOM registry maintained by the U.K. National Archives (http://www.nationalarchives.gov.uk/PRONOM/Default.aspx). Examples of other third party tools in the e-Depot are OpenOffice libraries for office document conversion and previewing, and the JAI Image I/O Tools library for image format conversion. More information about third party tools in the e-Depot is documented in the System Installation Guide, shared with the reviewers in confidence.
The software runs on a Dell PowerEdge R620 server with an Intel Xeon E5-2603 CPU and 64GB RAM, connected to a Dell PowerVault MD3260 storage array with 60 4TB drives, presented to the server as 5 RAID 6 groups. (The aforementioned 800 TB is more than this, and includes e.g. the image collection currently hosted by outsource partner Picturae.) Our internet connection is a single 1 GB internet connection. This bandwidth is currently sufficient for uploading and downloading purposes, but this will not remain sufficient in the future. It has therefore been decided to add an internet connection, and to increase the bandwidth to 10 GB. This will be implemented in 2019.
See also Requirement 9 for more information about the (hardware and software supporting our) Documented Storage Procedures, Requirement 8, Appraisal, for more information about our metadata standards (based on NEN/ISO 23081) and Requirement 4, Confidentiality/Ethics for security-related standards used.
Reviewer Entry Reviewer 1 Comments: Accept Reviewer 2 Comments: Accept
XVI. Security R16. The technical infrastructure of the repository provides for protection of the facility and its data, products, services, and users.
Compliance Level:
3 – The repository is in the implementation phase
Reviewer Entry Reviewer 1 Comments: 3 – The repository is in the implementation phase Reviewer 2 Comments: 3 – The repository is in the implementation phase
Response:
The Rijksbrede Baseline Informatiebeveiliging Rijksdienst (Civil Service Information Protection Baseline, BIR 2017, https://www.earonline.nl/index.php/BIR-Baseline_Informatiebeveiliging_Rijksdienst) applies to security, as explained under Requirement 4, Confidentiality/Ethics.
For risk analysis - inventorying and solving security risk with regard to e-Depot services - we use a tailor-made tool: QuickScan BIR e-Depot. The tool conforms to BIR norms. Also, business continuity and disaster recovery plans are available. A SIEM (Security Incident and Event Monitor) is being introduced, as well as additional remote storage and disaster recovery provisions that will further improve our outage services.
The business continuity services include our own data centre, which conforms to government norms with regard to the power supply, cooling and fire safety. The ICT services at component and network level have been implemented in a redundant manner. For change management in the software and hardware life-cycle, we have separate development, testing, acceptance and production environments (https://en.wikipedia.org/wiki/Development,_testing,_acceptance_and_production).
Access authorisation procedures with regard to the various spaces within NANETH have been implemented, also for the security of our employees. Employee safety is supported by Emergency Response Officers (EROs, bedrijfshulpverlening in Dutch), who receive training to keep up to date with ERO developments. Their skills include providing assistance in the form of a First Responder to employees requiring assistance. Rapid building evacuation also belongs to the tasks assigned to the EROs. An integral security coordinator provides for crisis and calamity procedures.
Physical access to the e-depot’s server room is limited to authorised personnel. Electronic access to the e-depot is based on named accounts, as explained in Requirement 9, Documented storage procedures. Our ICT Calamity Plan and ICT Continuity Plan (both in Dutch) are shared with the reviewers in confidence.
NANETH’s privacy policy is available on our website: https://www.nationaalarchief.nl/privacyreglement-nationaal-archief (in Dutch).
Reviewer Entry Reviewer 1 Comments: Accept Reviewer 2 Comments: Accept
APPLICANT FEEDBACK
Comments/feedback
These requirements are not seen as final, and we value your input to improve the core certification procedure. To this end, please leave any comments you wish to make on both the quality of the Catalogue and its relevance to your organization, as well as any other related thoughts.
Response:
Reviewer Entry Reviewer 1 Comments: The reviewer would like to thank the NANETH e-depot for their patience and attention to this application for the CoreTrustSeal.
National Archives with a more general remit are a less traditional type of application. The Nationaal Archief's work to clearly define their designated community with reference to the domain of governmental data (for both government deposits and private archives) has been invaluable in progressing this certification. Reviewer 2 Comments: